About us
This site is the home of security strategies, standards, policies, and guidance for UK government departments and their arm’s length bodies.
Its purpose is to promote consistent and coherent ways of working in security across government. The information in this site is provided by the Government Security Function.
Government security consists of 4 areas:
- Cyber – protecting systems, data, and services from unauthorised access, harm, or misuse
- Personnel – mitigating the risk of people abusing their legitimate access to government assets
- Physical – protecting our people and our physical assets, including services and systems, places, equipment, and networks.
- Technical – protecting sensitive information and systems from technical attacks
Core documentation
The core categories of documentation in this site are as follows:
- Standards set expectations and reasons for the activities organisations must perform to protect government assets, and specify the required procedures and/or performance criteria.
- Policies set a specific direction or approach to meet a standard, and are created when deemed necessary by the Government Security Group and/or government ministers
- Guidance provides advice and examples of best practice, usually in support of policies, and can include specific technical or procedural controls
- Strategies set an action plan with dates and measurable goals – they are critical for motivating people to meet the security vision specified in our standards
Note: civil servants can access additional content by signing into the site.
Government Security Function
The Government Security Function (GSF) seeks to build the capacity and capabilities of physical, human, and information security professionals across government departments. It is a collection of common services intended to promote best practice, common standards, and efficiencies to achieve better security outcomes.
Government Security Group
The Government Security Group (GSG) is part of the Cabinet Office, and is the centre of the GSF. The GSG is responsible for the oversight, coordination, and delivery of protective security within all central government departments, their agencies, and arm’s length bodies.
The work of the GSG is supported by cross-government security strategies. The policies it develops are informed by the National Cyber Security Centre (NCSC) and National Security Protective Authority (NPSA).
Government Chief Security Officer
Vincent Devine is the Government Chief Security Officer (GCSO).
The GCSO leads the Government Security Function and is also the Director General of the Government Security Group.